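;; Copyright (C) 2023 Denis 'GNUtoo' Carikli
;;
;; This file is free software; you can redistribute it and/or modify it
;; under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or (at
;; your option) any later version.
;;
;; You should have received a copy of the GNU General Public License
;; along with this file.  If not, see <https://www.gnu.org/licenses/>.

(define-module (mumble-vm-system)
  #:use-module (gnu)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages dns)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages ssh)
  #:use-module (gnu services admin)
  #:use-module (gnu services ssh)
  #:export (mumble-vm-operating-system))

;; Script that signals the running nginx (SIGHUP) and mumble-server
;; (SIGUSR1) processes, using the PIDs recorded in their PID files.
;; Presumably it is meant to run after a certificate deployment so that
;; both daemons reload -- confirm against the caller; nothing in this file
;; references the hook.
;;
;; Both PID files are read and validated before any signal is sent.  The
;; content of a PID file is only as trustworthy as the account that can
;; write it: if this hook runs with more privileges than the service that
;; owns the file, an unchecked value would let that service choose the
;; target of the signal.  0, -1 and other negative values address process
;; groups or every process, and 1 is the init process, so anything that is
;; not an exact integer greater than 1 is rejected with an error (non-zero
;; exit) instead of being passed to `kill'.
;; NOTE(review): check the ownership and mode of /var/run/nginx and
;; /var/run/mumble-server on the deployed system.
(define-public %nginx-deploy-hook
  (program-file
   "nginx-deploy-hook"
   #~(let* ((read-pid
             (lambda (file)
               (let ((pid (call-with-input-file file read)))
                 (if (and (exact-integer? pid) (> pid 1))
                     pid
                     (error "unexpected content in PID file" file pid)))))
            (nginx-pid (read-pid "/var/run/nginx/pid"))
            (mumble-server-pid
             (read-pid "/var/run/mumble-server/mumble-server.pid")))
       (kill nginx-pid SIGHUP)
       (kill mumble-server-pid SIGUSR1))))

;; Operating system declaration for the "mumble-vm" virtual machine: GRUB
;; on /dev/vda, an ext4 root file system, a static IPv4 address, key-only
;; OpenSSH on port 222 and unattended upgrades.
(define mumble-vm-operating-system
  (operating-system
    (bootloader
     (bootloader-configuration
      (bootloader grub-minimal-bootloader)
      (targets '("/dev/vda"))))
    ;; TODO: Does Mumble have some data? Is BTRFS safer than using ext4
    ;; without doing many fsck?
    (file-systems
     (cons (file-system
             (device (file-system-label "Guix_image"))
             (mount-point "/")
             (type "ext4"))
           %base-file-systems))
    (host-name "mumble-vm")
    (timezone "Europe/Paris")
    (packages
     (append (list htop
                   iftop
                   `(,isc-bind "utils")
                   net-tools
                   nmon
                   openssh-sans-x)
             %base-packages))
    (services
     (append
      (list
       ;; Networking
       (service static-networking-service-type
                (list (static-networking
                       (addresses
                        (list (network-address
                               (device "eth0")
                               (value "192.168.10.37/24"))))
                       (routes
                        (list (network-route
                               (destination "default")
                               (gateway "192.168.10.1"))))
                       (name-servers '("192.168.10.1")))))

       ;; OpenSSH
       ;;
       ;; Authentication is by public key only: password and
       ;; challenge-response authentication are disabled and PAM is not
       ;; used.
       (service openssh-service-type
                (openssh-configuration
                 (openssh openssh-sans-x)
                 (use-pam? #f)
                 (port-number 222)
                 ;; Root logs in directly, so the root key below is
                 ;; equivalent to full control of the machine.
                 ;; 'prohibit-password keeps key-based root login working
                 ;; but, unlike #t, still refuses a root password login if
                 ;; password authentication is ever switched back on.
                 (permit-root-login 'prohibit-password)
                 (password-authentication? #f)
                 (challenge-response-authentication? #f)
                 ;; The same public key is authorized for both accounts,
                 ;; so the "gnutoo" entry adds no separation from root.
                 ;; NOTE(review): this declaration has no `users' field,
                 ;; so the "gnutoo" account is not created here; confirm
                 ;; it is declared wherever this system is extended, or
                 ;; drop the entry.
                 (authorized-keys
                  `(("root" ,(local-file "id_ed25519.pub"))
                    ("gnutoo" ,(local-file "id_ed25519.pub"))))))

       ;; Unattended Upgrades
       ;;
       ;; NOTE(review): the service is used with its default
       ;; configuration, while this declaration depends on files
       ;; referenced with `local-file'.  Confirm that the periodic
       ;; upgrade can still find them; an upgrade job that fails
       ;; silently leaves the machine without security updates.
       (service unattended-upgrade-service-type))

      (modify-services %base-services
        ;; Adds signing-key.pub to the keys the Guix daemon trusts, next
        ;; to the default ones.  Store items signed with the matching
        ;; private key are accepted by this machine, so that key needs
        ;; the same protection as root access to it.
        (guix-service-type
         config =>
         (guix-configuration
          (authorized-keys
           (append (list (local-file "signing-key.pub"))
                   %default-authorized-guix-keys)))))))))

;; Last expression of the file: the operating-system record itself, so the
;; file evaluates to it when loaded directly.
mumble-vm-operating-system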